Resources

Reading Time: 1minute This whitepaper reveals how today’s security teams can build a secure culture. Following characteristically thorough research, lead author Dr. John Blythe explains why secure cultures are few and far between and how to build a secure culture in your organisation.

Reading Time: 1minute In this whitepaper, we outline the CybSafe approach to applying behavioural science, how it’s embedded in everything we do and how our products drive behaviour change in employees.

Reading Time: 1minute Is it time to reconsider traditional approaches to cyber security? For a long time now, people have largely been viewed as a cyber security “weakness”, and the viewpoint has shaped the majority of the cyber security strategies we see today. The strategies focus on restrictive measures. They focus single-mindedly on minimising the risks that people pose. Crucially, they do not consider how people can actively prevent cyber attacks, and therefore fail to capitalise on a valuable cyber defence. People-centric security flips the conventional thinking on its head.

Reading Time: 5minutes Following its inauguration in 2018, PeepSec returned in 2019 to facilitate further discussion on the opportunities and issues born from the interactions between people and technology.

Reading Time: 3minutes Following its inauguration in 2018, PeepSec returned in 2019 to facilitate further discussion on the opportunities and issues born from the interactions between people and technology.

Reading Time: 3minutes To understand how AI and machine learning can reduce cyber risk, it’s worth considering how a typical taxi journey will look in a few years time.Today, when you jump into a taxi, you’re greeted by a driver who might inquire into your preference of radio station and ask you one or two cursory questions while edging you towards your eventual destination.

There is a big, hairy elephant in the room when it comes to phishing: Many organisations believe that it’s okay, or right, or that they have no choice other than to punish people who repeatedly fail phishing simulations. Are they right? Before we answer that, let’s...

Reading Time: 3minutes To understand why it might be impossible to reduce human cyber risk without a secure culture, it’s worth considering a series of experiments from the world of behavioural science.The experiments weren’t designed to uncover security insights. Rather, they were designed to demonstrate quirks in human behaviour. Specifically, they were designed to reveal why people sometimes “cheat”.

Reading Time: 2minutes Although it might not seem like it, people’s actions following 9/11 demonstrate just how likely it is you’re miscalculating your cyber risk.Following the terrorist attacks of 9/11, people began to change their travel plans.

Reading Time: 2minutes As you may already be aware, most people prefer to avoid taking risks. In fact, most people prefer to avoid taking risks so much that they fail to do so even when taking the risk makes complete and total sense.

Broadly speaking, most phishing training works in more or less the same way. An automated tool sends simulated phishing and spear phishing simulations to those within your organisation. The simulations fool some, but not others. The tests reveal precisely who has been...

Reading Time: 2minutes Here’s an interesting conundrum for cyber security professionals.Some simulated attacks reduce human cyber risk.Others, however, have no effect on risk – and may even have a negative impact.

On the one hand, yes. Sophisticated cyber criminals are very much aware that, once a phishing scam becomes well known, its potency falls. So, over time, phishing scams adapt and evolve.

On the other hand, the the nuts and bolts of phishing scams are surprisingly static. On the whole, phishing attacks are quick, cheap and disastrously effective. Knowing this, criminals rarely tweak the inner workings of their phishing scams all that much.

The prankster’s goal was simple: to trick White House staff into responding to fraudulent emails for nothing more than a cheap thrill. With little to gain from the endeavour, the prankster’s efforts were basic.

The trickster wrote a simple email purporting to be from Donald Trump’s son-in-law, Jared Kushner. He sent it off to Tom Bossert (at the time Homeland Security Advisor). And he waited to see if the security advisor would respond.